Helping with this thread
http://forums.juniper.net/t5/SRX-Services-Gateway/Port-Forward-and-DMZ-Help/td-p/298917
I've made this conf on my Juniper SRX210BE:
## Last changed: 2016-10-23 15:44:44 CEST version 12.1X46-D55.3; system { host-name JuniperSRX210; time-zone Europe/Rome; root-authentication { encrypted-password "password"; } name-server { 8.8.8.8; 8.8.4.4; 208.67.222.222; 208.67.220.220; } services { ssh; telnet; xnm-clear-text; web-management { http { interface vlan.0; } https { system-generated-certificate; interface vlan.0; } } dhcp { router { 192.168.5.1; } pool 192.168.5.1/24 { address-range low 192.168.5.180 high 192.168.5.254; } propagate-settings ge-0/0/0.0; } dynamic-dns { client address.dyndns.com { server dyndns; agent dyndns; username username; password "password"; interface ge-0/0/0.0; } } } syslog { archive size 100k files 3; user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands { interactive-commands error; } } max-configurations-on-flash 5; max-configuration-rollbacks 5; license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } interfaces { ge-0/0/0 { unit 0 { family inet { dhcp; } } } ge-0/0/1 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/2 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/3 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/4 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/5 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/6 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } fe-0/0/7 { unit 0 { family ethernet-switching { vlan { members vlan-trust; } } } } at-1/0/0 { encapsulation ethernet-over-atm; atm-options { vpi 8; } dsl-options { operating-mode auto; } unit 0 { encapsulation ppp-over-ether-over-atm-llc; vci 8.35; } } pp0 { traceoptions { flag all; } unit 0 { point-to-point; ppp-options { pap { default-password "text"; local-name Ispname; local-password "password"; passive; } } pppoe-options { underlying-interface at-1/0/0.0; client; } no-keepalives; family inet { negotiate-address; } } } vlan { unit 0 { family inet { address 192.168.5.1/24; } } } } routing-options { static { route 0.0.0.0/0 { next-hop pp0.0; metric 0; } } } applications { application appl1 { protocol tcp; destination-port 51413; } application appl2 { protocol tcp; destination-port 9101; } application appl3 { protocol tcp; destination-port 57532; } } security { alg { ftp ftps-extension; mgcp disable; rsh; sccp disable; sip { disable; application-screen { unknown-message { permit-nat-applied; } } traceoptions { flag all; } } } flow { tcp-mss { all-tcp { mss 1350; } } } screen { ids-option untrust-screen { icmp { ping-death; } ip { source-route-option; tear-drop; } tcp { syn-flood { alarm-threshold 1024; attack-threshold 200; source-threshold 1024; destination-threshold 2048; timeout 20; } land; } } } nat { source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then { source-nat { interface; } } } } } destination { pool pool1 { address 192.168.5.160/32; } pool pool2 { address 192.168.5.160/32; } pool pool3 { address 192.168.5.160/32; } rule-set nasports { from interface vlan.0; rule rule1 { match { destination-address 0.0.0.0/0; destination-port 51413; } then { destination-nat { pool { pool1; } } } } rule rule2 { match { destination-address 0.0.0.0/0; destination-port 9101; } then { destination-nat { pool { pool2; } } } } rule rule3 { match { destination-address 0.0.0.0/0; destination-port 57532; } then { destination-nat { pool { pool3; } } } } } } } policies { from-zone trust to-zone untrust { policy any { match { source-address any; destination-address any; application any; } then { permit; } } } } traceoptions { file flowtrace size 10m world-readable; } zones { security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { vlan.0; } } security-zone untrust { screen untrust-screen; host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { at-1/0/0.0 { host-inbound-traffic { system-services { all; } protocols { all; } } } pp0.0 { host-inbound-traffic { system-services { all; } protocols { all; } } } } } } } vlans { vlan-trust { vlan-id 3; l3-interface vlan.0; } }
But the three tcp ports, 51413,9101 and 57532 are always closed on local ip 192.168.5.160.
My ISP using dynamic ip.
i'm really appreciate any more help, Thanks